azuread.ApplicationCertificate
Explore with Pulumi AI
Example Usage
Using a PEM certificate
import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";
import * as std from "@pulumi/std";
const example = new azuread.ApplicationRegistration("example", {displayName: "example"});
const exampleApplicationCertificate = new azuread.ApplicationCertificate("example", {
applicationId: example.id,
type: "AsymmetricX509Cert",
value: std.file({
input: "cert.pem",
}).then(invoke => invoke.result),
endDate: "2021-05-01T01:02:03Z",
});
import pulumi
import pulumi_azuread as azuread
import pulumi_std as std
example = azuread.ApplicationRegistration("example", display_name="example")
example_application_certificate = azuread.ApplicationCertificate("example",
application_id=example.id,
type="AsymmetricX509Cert",
value=std.file(input="cert.pem").result,
end_date="2021-05-01T01:02:03Z")
package main
import (
"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := azuread.NewApplicationRegistration(ctx, "example", &azuread.ApplicationRegistrationArgs{
DisplayName: pulumi.String("example"),
})
if err != nil {
return err
}
invokeFile, err := std.File(ctx, &std.FileArgs{
Input: "cert.pem",
}, nil)
if err != nil {
return err
}
_, err = azuread.NewApplicationCertificate(ctx, "example", &azuread.ApplicationCertificateArgs{
ApplicationId: example.ID(),
Type: pulumi.String("AsymmetricX509Cert"),
Value: pulumi.String(invokeFile.Result),
EndDate: pulumi.String("2021-05-01T01:02:03Z"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureAD = Pulumi.AzureAD;
using Std = Pulumi.Std;
return await Deployment.RunAsync(() =>
{
var example = new AzureAD.ApplicationRegistration("example", new()
{
DisplayName = "example",
});
var exampleApplicationCertificate = new AzureAD.ApplicationCertificate("example", new()
{
ApplicationId = example.Id,
Type = "AsymmetricX509Cert",
Value = Std.File.Invoke(new()
{
Input = "cert.pem",
}).Apply(invoke => invoke.Result),
EndDate = "2021-05-01T01:02:03Z",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.ApplicationRegistration;
import com.pulumi.azuread.ApplicationRegistrationArgs;
import com.pulumi.azuread.ApplicationCertificate;
import com.pulumi.azuread.ApplicationCertificateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ApplicationRegistration("example", ApplicationRegistrationArgs.builder()
.displayName("example")
.build());
var exampleApplicationCertificate = new ApplicationCertificate("exampleApplicationCertificate", ApplicationCertificateArgs.builder()
.applicationId(example.id())
.type("AsymmetricX509Cert")
.value(StdFunctions.file(FileArgs.builder()
.input("cert.pem")
.build()).result())
.endDate("2021-05-01T01:02:03Z")
.build());
}
}
resources:
example:
type: azuread:ApplicationRegistration
properties:
displayName: example
exampleApplicationCertificate:
type: azuread:ApplicationCertificate
name: example
properties:
applicationId: ${example.id}
type: AsymmetricX509Cert
value:
fn::invoke:
Function: std:file
Arguments:
input: cert.pem
Return: result
endDate: 2021-05-01T01:02:03Z
Using a DER certificate
import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";
import * as std from "@pulumi/std";
const example = new azuread.ApplicationRegistration("example", {displayName: "example"});
const exampleApplicationCertificate = new azuread.ApplicationCertificate("example", {
applicationId: example.id,
type: "AsymmetricX509Cert",
encoding: "base64",
value: std.file({
input: "cert.der",
}).then(invoke => std.base64encode({
input: invoke.result,
})).then(invoke => invoke.result),
endDate: "2021-05-01T01:02:03Z",
});
import pulumi
import pulumi_azuread as azuread
import pulumi_std as std
example = azuread.ApplicationRegistration("example", display_name="example")
example_application_certificate = azuread.ApplicationCertificate("example",
application_id=example.id,
type="AsymmetricX509Cert",
encoding="base64",
value=std.base64encode(input=std.file(input="cert.der").result).result,
end_date="2021-05-01T01:02:03Z")
package main
import (
"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := azuread.NewApplicationRegistration(ctx, "example", &azuread.ApplicationRegistrationArgs{
DisplayName: pulumi.String("example"),
})
if err != nil {
return err
}
invokeBase64encode, err := std.Base64encode(ctx, &std.Base64encodeArgs{
Input: std.File(ctx, &std.FileArgs{
Input: "cert.der",
}, nil).Result,
}, nil)
if err != nil {
return err
}
_, err = azuread.NewApplicationCertificate(ctx, "example", &azuread.ApplicationCertificateArgs{
ApplicationId: example.ID(),
Type: pulumi.String("AsymmetricX509Cert"),
Encoding: pulumi.String("base64"),
Value: pulumi.String(invokeBase64encode.Result),
EndDate: pulumi.String("2021-05-01T01:02:03Z"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureAD = Pulumi.AzureAD;
using Std = Pulumi.Std;
return await Deployment.RunAsync(() =>
{
var example = new AzureAD.ApplicationRegistration("example", new()
{
DisplayName = "example",
});
var exampleApplicationCertificate = new AzureAD.ApplicationCertificate("example", new()
{
ApplicationId = example.Id,
Type = "AsymmetricX509Cert",
Encoding = "base64",
Value = Std.File.Invoke(new()
{
Input = "cert.der",
}).Apply(invoke => Std.Base64encode.Invoke(new()
{
Input = invoke.Result,
})).Apply(invoke => invoke.Result),
EndDate = "2021-05-01T01:02:03Z",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.ApplicationRegistration;
import com.pulumi.azuread.ApplicationRegistrationArgs;
import com.pulumi.azuread.ApplicationCertificate;
import com.pulumi.azuread.ApplicationCertificateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ApplicationRegistration("example", ApplicationRegistrationArgs.builder()
.displayName("example")
.build());
var exampleApplicationCertificate = new ApplicationCertificate("exampleApplicationCertificate", ApplicationCertificateArgs.builder()
.applicationId(example.id())
.type("AsymmetricX509Cert")
.encoding("base64")
.value(StdFunctions.base64encode(Base64encodeArgs.builder()
.input(StdFunctions.file(FileArgs.builder()
.input("cert.der")
.build()).result())
.build()).result())
.endDate("2021-05-01T01:02:03Z")
.build());
}
}
resources:
example:
type: azuread:ApplicationRegistration
properties:
displayName: example
exampleApplicationCertificate:
type: azuread:ApplicationCertificate
name: example
properties:
applicationId: ${example.id}
type: AsymmetricX509Cert
encoding: base64
value:
fn::invoke:
Function: std:base64encode
Arguments:
input:
fn::invoke:
Function: std:file
Arguments:
input: cert.der
Return: result
Return: result
endDate: 2021-05-01T01:02:03Z
Using a certificate from Azure Key Vault
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
import * as azuread from "@pulumi/azuread";
const exampleApplication = new azuread.Application("example", {displayName: "example"});
const example = new azure.keyvault.Certificate("example", {
name: "generated-cert",
keyVaultId: exampleAzurermKeyVault.id,
certificatePolicy: {
issuerParameters: {
name: "Self",
},
keyProperties: {
exportable: true,
keySize: 2048,
keyType: "RSA",
reuseKey: true,
},
lifetimeActions: [{
action: {
actionType: "AutoRenew",
},
trigger: {
daysBeforeExpiry: 30,
},
}],
secretProperties: {
contentType: "application/x-pkcs12",
},
x509CertificateProperties: {
extendedKeyUsages: ["1.3.6.1.5.5.7.3.2"],
keyUsages: [
"dataEncipherment",
"digitalSignature",
"keyCertSign",
"keyEncipherment",
],
subjectAlternativeNames: {
dnsNames: [
"internal.contoso.com",
"domain.hello.world",
],
},
subject: `CN=${exampleApplication.name}`,
validityInMonths: 12,
},
},
});
const exampleApplicationCertificate = new azuread.ApplicationCertificate("example", {
applicationId: exampleApplication.id,
type: "AsymmetricX509Cert",
encoding: "hex",
value: example.certificateData,
endDate: example.certificateAttributes.apply(certificateAttributes => certificateAttributes[0].expires),
startDate: example.certificateAttributes.apply(certificateAttributes => certificateAttributes[0].notBefore),
});
import pulumi
import pulumi_azure as azure
import pulumi_azuread as azuread
example_application = azuread.Application("example", display_name="example")
example = azure.keyvault.Certificate("example",
name="generated-cert",
key_vault_id=example_azurerm_key_vault["id"],
certificate_policy={
"issuer_parameters": {
"name": "Self",
},
"key_properties": {
"exportable": True,
"key_size": 2048,
"key_type": "RSA",
"reuse_key": True,
},
"lifetime_actions": [{
"action": {
"action_type": "AutoRenew",
},
"trigger": {
"days_before_expiry": 30,
},
}],
"secret_properties": {
"content_type": "application/x-pkcs12",
},
"x509_certificate_properties": {
"extended_key_usages": ["1.3.6.1.5.5.7.3.2"],
"key_usages": [
"dataEncipherment",
"digitalSignature",
"keyCertSign",
"keyEncipherment",
],
"subject_alternative_names": {
"dns_names": [
"internal.contoso.com",
"domain.hello.world",
],
},
"subject": f"CN={example_application.name}",
"validity_in_months": 12,
},
})
example_application_certificate = azuread.ApplicationCertificate("example",
application_id=example_application.id,
type="AsymmetricX509Cert",
encoding="hex",
value=example.certificate_data,
end_date=example.certificate_attributes[0].expires,
start_date=example.certificate_attributes[0].not_before)
package main
import (
"fmt"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/keyvault"
"github.com/pulumi/pulumi-azuread/sdk/v6/go/azuread"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleApplication, err := azuread.NewApplication(ctx, "example", &azuread.ApplicationArgs{
DisplayName: pulumi.String("example"),
})
if err != nil {
return err
}
example, err := keyvault.NewCertificate(ctx, "example", &keyvault.CertificateArgs{
Name: pulumi.String("generated-cert"),
KeyVaultId: pulumi.Any(exampleAzurermKeyVault.Id),
CertificatePolicy: &keyvault.CertificateCertificatePolicyArgs{
IssuerParameters: &keyvault.CertificateCertificatePolicyIssuerParametersArgs{
Name: pulumi.String("Self"),
},
KeyProperties: &keyvault.CertificateCertificatePolicyKeyPropertiesArgs{
Exportable: pulumi.Bool(true),
KeySize: pulumi.Int(2048),
KeyType: pulumi.String("RSA"),
ReuseKey: pulumi.Bool(true),
},
LifetimeActions: keyvault.CertificateCertificatePolicyLifetimeActionArray{
&keyvault.CertificateCertificatePolicyLifetimeActionArgs{
Action: &keyvault.CertificateCertificatePolicyLifetimeActionActionArgs{
ActionType: pulumi.String("AutoRenew"),
},
Trigger: &keyvault.CertificateCertificatePolicyLifetimeActionTriggerArgs{
DaysBeforeExpiry: pulumi.Int(30),
},
},
},
SecretProperties: &keyvault.CertificateCertificatePolicySecretPropertiesArgs{
ContentType: pulumi.String("application/x-pkcs12"),
},
X509CertificateProperties: &keyvault.CertificateCertificatePolicyX509CertificatePropertiesArgs{
ExtendedKeyUsages: pulumi.StringArray{
pulumi.String("1.3.6.1.5.5.7.3.2"),
},
KeyUsages: pulumi.StringArray{
pulumi.String("dataEncipherment"),
pulumi.String("digitalSignature"),
pulumi.String("keyCertSign"),
pulumi.String("keyEncipherment"),
},
SubjectAlternativeNames: &keyvault.CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNamesArgs{
DnsNames: pulumi.StringArray{
pulumi.String("internal.contoso.com"),
pulumi.String("domain.hello.world"),
},
},
Subject: pulumi.Sprintf("CN=%v", exampleApplication.Name),
ValidityInMonths: pulumi.Int(12),
},
},
})
if err != nil {
return err
}
_, err = azuread.NewApplicationCertificate(ctx, "example", &azuread.ApplicationCertificateArgs{
ApplicationId: exampleApplication.ID(),
Type: pulumi.String("AsymmetricX509Cert"),
Encoding: pulumi.String("hex"),
Value: example.CertificateData,
EndDate: pulumi.String(example.CertificateAttributes.ApplyT(func(certificateAttributes []keyvault.CertificateCertificateAttribute) (*string, error) {
return &certificateAttributes[0].Expires, nil
}).(pulumi.StringPtrOutput)),
StartDate: pulumi.String(example.CertificateAttributes.ApplyT(func(certificateAttributes []keyvault.CertificateCertificateAttribute) (*string, error) {
return &certificateAttributes[0].NotBefore, nil
}).(pulumi.StringPtrOutput)),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
using AzureAD = Pulumi.AzureAD;
return await Deployment.RunAsync(() =>
{
var exampleApplication = new AzureAD.Application("example", new()
{
DisplayName = "example",
});
var example = new Azure.KeyVault.Certificate("example", new()
{
Name = "generated-cert",
KeyVaultId = exampleAzurermKeyVault.Id,
CertificatePolicy = new Azure.KeyVault.Inputs.CertificateCertificatePolicyArgs
{
IssuerParameters = new Azure.KeyVault.Inputs.CertificateCertificatePolicyIssuerParametersArgs
{
Name = "Self",
},
KeyProperties = new Azure.KeyVault.Inputs.CertificateCertificatePolicyKeyPropertiesArgs
{
Exportable = true,
KeySize = 2048,
KeyType = "RSA",
ReuseKey = true,
},
LifetimeActions = new[]
{
new Azure.KeyVault.Inputs.CertificateCertificatePolicyLifetimeActionArgs
{
Action = new Azure.KeyVault.Inputs.CertificateCertificatePolicyLifetimeActionActionArgs
{
ActionType = "AutoRenew",
},
Trigger = new Azure.KeyVault.Inputs.CertificateCertificatePolicyLifetimeActionTriggerArgs
{
DaysBeforeExpiry = 30,
},
},
},
SecretProperties = new Azure.KeyVault.Inputs.CertificateCertificatePolicySecretPropertiesArgs
{
ContentType = "application/x-pkcs12",
},
X509CertificateProperties = new Azure.KeyVault.Inputs.CertificateCertificatePolicyX509CertificatePropertiesArgs
{
ExtendedKeyUsages = new[]
{
"1.3.6.1.5.5.7.3.2",
},
KeyUsages = new[]
{
"dataEncipherment",
"digitalSignature",
"keyCertSign",
"keyEncipherment",
},
SubjectAlternativeNames = new Azure.KeyVault.Inputs.CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNamesArgs
{
DnsNames = new[]
{
"internal.contoso.com",
"domain.hello.world",
},
},
Subject = $"CN={exampleApplication.Name}",
ValidityInMonths = 12,
},
},
});
var exampleApplicationCertificate = new AzureAD.ApplicationCertificate("example", new()
{
ApplicationId = exampleApplication.Id,
Type = "AsymmetricX509Cert",
Encoding = "hex",
Value = example.CertificateData,
EndDate = example.CertificateAttributes.Apply(certificateAttributes => certificateAttributes[0].Expires),
StartDate = example.CertificateAttributes.Apply(certificateAttributes => certificateAttributes[0].NotBefore),
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuread.Application;
import com.pulumi.azuread.ApplicationArgs;
import com.pulumi.azure.keyvault.Certificate;
import com.pulumi.azure.keyvault.CertificateArgs;
import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicyArgs;
import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicyIssuerParametersArgs;
import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicyKeyPropertiesArgs;
import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicySecretPropertiesArgs;
import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicyX509CertificatePropertiesArgs;
import com.pulumi.azure.keyvault.inputs.CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNamesArgs;
import com.pulumi.azuread.ApplicationCertificate;
import com.pulumi.azuread.ApplicationCertificateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleApplication = new Application("exampleApplication", ApplicationArgs.builder()
.displayName("example")
.build());
var example = new Certificate("example", CertificateArgs.builder()
.name("generated-cert")
.keyVaultId(exampleAzurermKeyVault.id())
.certificatePolicy(CertificateCertificatePolicyArgs.builder()
.issuerParameters(CertificateCertificatePolicyIssuerParametersArgs.builder()
.name("Self")
.build())
.keyProperties(CertificateCertificatePolicyKeyPropertiesArgs.builder()
.exportable(true)
.keySize(2048)
.keyType("RSA")
.reuseKey(true)
.build())
.lifetimeActions(CertificateCertificatePolicyLifetimeActionArgs.builder()
.action(CertificateCertificatePolicyLifetimeActionActionArgs.builder()
.actionType("AutoRenew")
.build())
.trigger(CertificateCertificatePolicyLifetimeActionTriggerArgs.builder()
.daysBeforeExpiry(30)
.build())
.build())
.secretProperties(CertificateCertificatePolicySecretPropertiesArgs.builder()
.contentType("application/x-pkcs12")
.build())
.x509CertificateProperties(CertificateCertificatePolicyX509CertificatePropertiesArgs.builder()
.extendedKeyUsages("1.3.6.1.5.5.7.3.2")
.keyUsages(
"dataEncipherment",
"digitalSignature",
"keyCertSign",
"keyEncipherment")
.subjectAlternativeNames(CertificateCertificatePolicyX509CertificatePropertiesSubjectAlternativeNamesArgs.builder()
.dnsNames(
"internal.contoso.com",
"domain.hello.world")
.build())
.subject(String.format("CN=%s", exampleApplication.name()))
.validityInMonths(12)
.build())
.build())
.build());
var exampleApplicationCertificate = new ApplicationCertificate("exampleApplicationCertificate", ApplicationCertificateArgs.builder()
.applicationId(exampleApplication.id())
.type("AsymmetricX509Cert")
.encoding("hex")
.value(example.certificateData())
.endDate(example.certificateAttributes().applyValue(certificateAttributes -> certificateAttributes[0].expires()))
.startDate(example.certificateAttributes().applyValue(certificateAttributes -> certificateAttributes[0].notBefore()))
.build());
}
}
resources:
example:
type: azure:keyvault:Certificate
properties:
name: generated-cert
keyVaultId: ${exampleAzurermKeyVault.id}
certificatePolicy:
issuerParameters:
name: Self
keyProperties:
exportable: true
keySize: 2048
keyType: RSA
reuseKey: true
lifetimeActions:
- action:
actionType: AutoRenew
trigger:
daysBeforeExpiry: 30
secretProperties:
contentType: application/x-pkcs12
x509CertificateProperties:
extendedKeyUsages:
- 1.3.6.1.5.5.7.3.2
keyUsages:
- dataEncipherment
- digitalSignature
- keyCertSign
- keyEncipherment
subjectAlternativeNames:
dnsNames:
- internal.contoso.com
- domain.hello.world
subject: CN=${exampleApplication.name}
validityInMonths: 12
exampleApplication:
type: azuread:Application
name: example
properties:
displayName: example
exampleApplicationCertificate:
type: azuread:ApplicationCertificate
name: example
properties:
applicationId: ${exampleApplication.id}
type: AsymmetricX509Cert
encoding: hex
value: ${example.certificateData}
endDate: ${example.certificateAttributes[0].expires}
startDate: ${example.certificateAttributes[0].notBefore}
Create ApplicationCertificate Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ApplicationCertificate(name: string, args: ApplicationCertificateArgs, opts?: CustomResourceOptions);
@overload
def ApplicationCertificate(resource_name: str,
args: ApplicationCertificateArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ApplicationCertificate(resource_name: str,
opts: Optional[ResourceOptions] = None,
application_id: Optional[str] = None,
value: Optional[str] = None,
encoding: Optional[str] = None,
end_date: Optional[str] = None,
end_date_relative: Optional[str] = None,
key_id: Optional[str] = None,
start_date: Optional[str] = None,
type: Optional[str] = None)
func NewApplicationCertificate(ctx *Context, name string, args ApplicationCertificateArgs, opts ...ResourceOption) (*ApplicationCertificate, error)
public ApplicationCertificate(string name, ApplicationCertificateArgs args, CustomResourceOptions? opts = null)
public ApplicationCertificate(String name, ApplicationCertificateArgs args)
public ApplicationCertificate(String name, ApplicationCertificateArgs args, CustomResourceOptions options)
type: azuread:ApplicationCertificate
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ApplicationCertificateArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ApplicationCertificateArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ApplicationCertificateArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ApplicationCertificateArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ApplicationCertificateArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var applicationCertificateResource = new AzureAD.ApplicationCertificate("applicationCertificateResource", new()
{
ApplicationId = "string",
Value = "string",
Encoding = "string",
EndDate = "string",
KeyId = "string",
StartDate = "string",
Type = "string",
});
example, err := azuread.NewApplicationCertificate(ctx, "applicationCertificateResource", &azuread.ApplicationCertificateArgs{
ApplicationId: pulumi.String("string"),
Value: pulumi.String("string"),
Encoding: pulumi.String("string"),
EndDate: pulumi.String("string"),
KeyId: pulumi.String("string"),
StartDate: pulumi.String("string"),
Type: pulumi.String("string"),
})
var applicationCertificateResource = new ApplicationCertificate("applicationCertificateResource", ApplicationCertificateArgs.builder()
.applicationId("string")
.value("string")
.encoding("string")
.endDate("string")
.keyId("string")
.startDate("string")
.type("string")
.build());
application_certificate_resource = azuread.ApplicationCertificate("applicationCertificateResource",
application_id="string",
value="string",
encoding="string",
end_date="string",
key_id="string",
start_date="string",
type="string")
const applicationCertificateResource = new azuread.ApplicationCertificate("applicationCertificateResource", {
applicationId: "string",
value: "string",
encoding: "string",
endDate: "string",
keyId: "string",
startDate: "string",
type: "string",
});
type: azuread:ApplicationCertificate
properties:
applicationId: string
encoding: string
endDate: string
keyId: string
startDate: string
type: string
value: string
ApplicationCertificate Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ApplicationCertificate resource accepts the following input properties:
- Application
Id string - The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.
- Value string
- The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the
encoding
argument. - Encoding string
Specifies the encoding used for the supplied certificate data. Must be one of
pem
,base64
orhex
. Defaults topem
.Tip for Azure Key Vault The
hex
encoding option is useful for consuming certificate data from the azurerm_key_vault_certificate resource.- End
Date string - The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date. Changing this field forces a new resource to be created. - End
Date stringRelative A relative duration for which the certificate is valid until, for example
240h
(10 days) or2400h30m
. Changing this field forces a new resource to be created.One of
end_date
orend_date_relative
must be specified. The maximum allowed duration is determined by Azure AD and is typically around 2 years from the creation date.- Key
Id string - A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
- Start
Date string - The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created. - Type string
- The type of key/certificate. Must be one of
AsymmetricX509Cert
orSymmetric
. Changing this fields forces a new resource to be created.
- Application
Id string - The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.
- Value string
- The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the
encoding
argument. - Encoding string
Specifies the encoding used for the supplied certificate data. Must be one of
pem
,base64
orhex
. Defaults topem
.Tip for Azure Key Vault The
hex
encoding option is useful for consuming certificate data from the azurerm_key_vault_certificate resource.- End
Date string - The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date. Changing this field forces a new resource to be created. - End
Date stringRelative A relative duration for which the certificate is valid until, for example
240h
(10 days) or2400h30m
. Changing this field forces a new resource to be created.One of
end_date
orend_date_relative
must be specified. The maximum allowed duration is determined by Azure AD and is typically around 2 years from the creation date.- Key
Id string - A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
- Start
Date string - The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created. - Type string
- The type of key/certificate. Must be one of
AsymmetricX509Cert
orSymmetric
. Changing this fields forces a new resource to be created.
- application
Id String - The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.
- value String
- The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the
encoding
argument. - encoding String
Specifies the encoding used for the supplied certificate data. Must be one of
pem
,base64
orhex
. Defaults topem
.Tip for Azure Key Vault The
hex
encoding option is useful for consuming certificate data from the azurerm_key_vault_certificate resource.- end
Date String - The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date. Changing this field forces a new resource to be created. - end
Date StringRelative A relative duration for which the certificate is valid until, for example
240h
(10 days) or2400h30m
. Changing this field forces a new resource to be created.One of
end_date
orend_date_relative
must be specified. The maximum allowed duration is determined by Azure AD and is typically around 2 years from the creation date.- key
Id String - A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
- start
Date String - The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created. - type String
- The type of key/certificate. Must be one of
AsymmetricX509Cert
orSymmetric
. Changing this fields forces a new resource to be created.
- application
Id string - The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.
- value string
- The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the
encoding
argument. - encoding string
Specifies the encoding used for the supplied certificate data. Must be one of
pem
,base64
orhex
. Defaults topem
.Tip for Azure Key Vault The
hex
encoding option is useful for consuming certificate data from the azurerm_key_vault_certificate resource.- end
Date string - The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date. Changing this field forces a new resource to be created. - end
Date stringRelative A relative duration for which the certificate is valid until, for example
240h
(10 days) or2400h30m
. Changing this field forces a new resource to be created.One of
end_date
orend_date_relative
must be specified. The maximum allowed duration is determined by Azure AD and is typically around 2 years from the creation date.- key
Id string - A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
- start
Date string - The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created. - type string
- The type of key/certificate. Must be one of
AsymmetricX509Cert
orSymmetric
. Changing this fields forces a new resource to be created.
- application_
id str - The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.
- value str
- The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the
encoding
argument. - encoding str
Specifies the encoding used for the supplied certificate data. Must be one of
pem
,base64
orhex
. Defaults topem
.Tip for Azure Key Vault The
hex
encoding option is useful for consuming certificate data from the azurerm_key_vault_certificate resource.- end_
date str - The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date. Changing this field forces a new resource to be created. - end_
date_ strrelative A relative duration for which the certificate is valid until, for example
240h
(10 days) or2400h30m
. Changing this field forces a new resource to be created.One of
end_date
orend_date_relative
must be specified. The maximum allowed duration is determined by Azure AD and is typically around 2 years from the creation date.- key_
id str - A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
- start_
date str - The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created. - type str
- The type of key/certificate. Must be one of
AsymmetricX509Cert
orSymmetric
. Changing this fields forces a new resource to be created.
- application
Id String - The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.
- value String
- The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the
encoding
argument. - encoding String
Specifies the encoding used for the supplied certificate data. Must be one of
pem
,base64
orhex
. Defaults topem
.Tip for Azure Key Vault The
hex
encoding option is useful for consuming certificate data from the azurerm_key_vault_certificate resource.- end
Date String - The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date. Changing this field forces a new resource to be created. - end
Date StringRelative A relative duration for which the certificate is valid until, for example
240h
(10 days) or2400h30m
. Changing this field forces a new resource to be created.One of
end_date
orend_date_relative
must be specified. The maximum allowed duration is determined by Azure AD and is typically around 2 years from the creation date.- key
Id String - A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
- start
Date String - The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created. - type String
- The type of key/certificate. Must be one of
AsymmetricX509Cert
orSymmetric
. Changing this fields forces a new resource to be created.
Outputs
All input properties are implicitly available as output properties. Additionally, the ApplicationCertificate resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing ApplicationCertificate Resource
Get an existing ApplicationCertificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ApplicationCertificateState, opts?: CustomResourceOptions): ApplicationCertificate
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
application_id: Optional[str] = None,
encoding: Optional[str] = None,
end_date: Optional[str] = None,
end_date_relative: Optional[str] = None,
key_id: Optional[str] = None,
start_date: Optional[str] = None,
type: Optional[str] = None,
value: Optional[str] = None) -> ApplicationCertificate
func GetApplicationCertificate(ctx *Context, name string, id IDInput, state *ApplicationCertificateState, opts ...ResourceOption) (*ApplicationCertificate, error)
public static ApplicationCertificate Get(string name, Input<string> id, ApplicationCertificateState? state, CustomResourceOptions? opts = null)
public static ApplicationCertificate get(String name, Output<String> id, ApplicationCertificateState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Application
Id string - The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.
- Encoding string
Specifies the encoding used for the supplied certificate data. Must be one of
pem
,base64
orhex
. Defaults topem
.Tip for Azure Key Vault The
hex
encoding option is useful for consuming certificate data from the azurerm_key_vault_certificate resource.- End
Date string - The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date. Changing this field forces a new resource to be created. - End
Date stringRelative A relative duration for which the certificate is valid until, for example
240h
(10 days) or2400h30m
. Changing this field forces a new resource to be created.One of
end_date
orend_date_relative
must be specified. The maximum allowed duration is determined by Azure AD and is typically around 2 years from the creation date.- Key
Id string - A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
- Start
Date string - The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created. - Type string
- The type of key/certificate. Must be one of
AsymmetricX509Cert
orSymmetric
. Changing this fields forces a new resource to be created. - Value string
- The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the
encoding
argument.
- Application
Id string - The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.
- Encoding string
Specifies the encoding used for the supplied certificate data. Must be one of
pem
,base64
orhex
. Defaults topem
.Tip for Azure Key Vault The
hex
encoding option is useful for consuming certificate data from the azurerm_key_vault_certificate resource.- End
Date string - The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date. Changing this field forces a new resource to be created. - End
Date stringRelative A relative duration for which the certificate is valid until, for example
240h
(10 days) or2400h30m
. Changing this field forces a new resource to be created.One of
end_date
orend_date_relative
must be specified. The maximum allowed duration is determined by Azure AD and is typically around 2 years from the creation date.- Key
Id string - A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
- Start
Date string - The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created. - Type string
- The type of key/certificate. Must be one of
AsymmetricX509Cert
orSymmetric
. Changing this fields forces a new resource to be created. - Value string
- The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the
encoding
argument.
- application
Id String - The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.
- encoding String
Specifies the encoding used for the supplied certificate data. Must be one of
pem
,base64
orhex
. Defaults topem
.Tip for Azure Key Vault The
hex
encoding option is useful for consuming certificate data from the azurerm_key_vault_certificate resource.- end
Date String - The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date. Changing this field forces a new resource to be created. - end
Date StringRelative A relative duration for which the certificate is valid until, for example
240h
(10 days) or2400h30m
. Changing this field forces a new resource to be created.One of
end_date
orend_date_relative
must be specified. The maximum allowed duration is determined by Azure AD and is typically around 2 years from the creation date.- key
Id String - A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
- start
Date String - The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created. - type String
- The type of key/certificate. Must be one of
AsymmetricX509Cert
orSymmetric
. Changing this fields forces a new resource to be created. - value String
- The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the
encoding
argument.
- application
Id string - The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.
- encoding string
Specifies the encoding used for the supplied certificate data. Must be one of
pem
,base64
orhex
. Defaults topem
.Tip for Azure Key Vault The
hex
encoding option is useful for consuming certificate data from the azurerm_key_vault_certificate resource.- end
Date string - The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date. Changing this field forces a new resource to be created. - end
Date stringRelative A relative duration for which the certificate is valid until, for example
240h
(10 days) or2400h30m
. Changing this field forces a new resource to be created.One of
end_date
orend_date_relative
must be specified. The maximum allowed duration is determined by Azure AD and is typically around 2 years from the creation date.- key
Id string - A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
- start
Date string - The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created. - type string
- The type of key/certificate. Must be one of
AsymmetricX509Cert
orSymmetric
. Changing this fields forces a new resource to be created. - value string
- The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the
encoding
argument.
- application_
id str - The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.
- encoding str
Specifies the encoding used for the supplied certificate data. Must be one of
pem
,base64
orhex
. Defaults topem
.Tip for Azure Key Vault The
hex
encoding option is useful for consuming certificate data from the azurerm_key_vault_certificate resource.- end_
date str - The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date. Changing this field forces a new resource to be created. - end_
date_ strrelative A relative duration for which the certificate is valid until, for example
240h
(10 days) or2400h30m
. Changing this field forces a new resource to be created.One of
end_date
orend_date_relative
must be specified. The maximum allowed duration is determined by Azure AD and is typically around 2 years from the creation date.- key_
id str - A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
- start_
date str - The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created. - type str
- The type of key/certificate. Must be one of
AsymmetricX509Cert
orSymmetric
. Changing this fields forces a new resource to be created. - value str
- The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the
encoding
argument.
- application
Id String - The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.
- encoding String
Specifies the encoding used for the supplied certificate data. Must be one of
pem
,base64
orhex
. Defaults topem
.Tip for Azure Key Vault The
hex
encoding option is useful for consuming certificate data from the azurerm_key_vault_certificate resource.- end
Date String - The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date. Changing this field forces a new resource to be created. - end
Date StringRelative A relative duration for which the certificate is valid until, for example
240h
(10 days) or2400h30m
. Changing this field forces a new resource to be created.One of
end_date
orend_date_relative
must be specified. The maximum allowed duration is determined by Azure AD and is typically around 2 years from the creation date.- key
Id String - A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
- start
Date String - The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g.
2018-01-01T01:02:03Z
). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created. - type String
- The type of key/certificate. Must be one of
AsymmetricX509Cert
orSymmetric
. Changing this fields forces a new resource to be created. - value String
- The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the
encoding
argument.
Import
Certificates can be imported using the object ID of the associated application and the key ID of the certificate credential, e.g.
$ pulumi import azuread:index/applicationCertificate:ApplicationCertificate example 00000000-0000-0000-0000-000000000000/certificate/11111111-1111-1111-1111-111111111111
-> This ID format is unique to Terraform and is composed of the application’s object ID, the string “certificate” and the certificate’s key ID in the format {ObjectId}/certificate/{CertificateKeyId}
.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Active Directory (Azure AD) pulumi/pulumi-azuread
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azuread
Terraform Provider.